- Table of Contents
-
- H3C S3100-52P Operation Manual-Release 1602(V1.01)
- 00-1Cover
- 00-2Product Overview
- 01-CLI Operation
- 02-Login Operation
- 03-Configuration File Management Operation
- 04-VLAN Operation
- 05-IP Address and Performance Operation
- 06-Voice VLAN Operation
- 07-GVRP Operation
- 08-Port Basic Configuration Operation
- 09-Link Aggregation Operation
- 10-Port Isolation Operation
- 11-Port Security-Port Binding Operation
- 12-DLDP Operation
- 13-MAC Address Table Management Operation
- 14-MSTP Operation
- 15-Static Route Operation
- 16-Multicast Operation
- 17-802.1x and System Guard Operation
- 18-AAA Operation
- 19-Web Authentication Operation
- 20-MAC Address Authentication Operation
- 21-ARP Operation
- 22-DHCP Operation
- 23-ACL Operation
- 24-QoS-QoS Profile Operation
- 25-Mirroring Operation
- 26-Stack-Cluster Operation
- 27-SNMP-RMON Operation
- 28-NTP Operation
- 29-SSH Operation
- 30-File System Management Operation
- 31-FTP-SFTP-TFTP Operation
- 32-Information Center Operation
- 33-System Maintenance and Debugging Operation
- 34-VLAN-VPN Operation
- 35-HWPing Operation
- 36-IPv6 Management Operation
- 37-DNS Operation
- 38-Smart Link-Monitor Link Operation
- 39-Appendix
- Related Documents
-
Title | Size | Download |
---|---|---|
10-Port Isolation Operation | 60.41 KB |
Table of Contents
Chapter 1 Port Isolation Configuration
1.2 Port Isolation Configuration
1.3 Displaying and Maintaining Port Isolation Configuration
1.4 Port Isolation Configuration Example
Chapter 1 Port Isolation Configuration
When configuring port isolation, go to these sections for information you are interested in:
l Port Isolation Configuration
l Displaying and Maintaining Port Isolation Configuration
l Port Isolation Configuration Example
1.1 Port Isolation Overview
Through the port isolation feature, you can add the ports to be controlled into an isolation group to isolate the Layer 2 and Layer 3 data between each port in the isolation group. Thus, you can construct your network in a more flexible way and improve your network security.
Currently, you can create only one isolation group on an S3100-52P Ethernet switch. The number of Ethernet ports in an isolation group is not limited.
& Note:
l An isolation group only isolates the member ports in it.
l Port isolation is independent of VLAN configuration.
1.2 Port Isolation Configuration
You can perform the following operations to add an Ethernet ports to an isolation group, thus isolating Layer 2 and Layer 3 data among the ports in the isolation group.
Follow these steps to configure port isolation:
To do … |
Use the command … |
Remarks |
Enter system view |
system-view |
— |
Enter Ethernet port view |
interface interface-type interface-number |
— |
Add the Ethernet port to the isolation group |
port isolate |
Required By default, an isolation group contains no port. |
& Note:
l When a member port of an aggregation group joins/leaves an isolation group, the other ports in the same aggregation group on the local unit will join/leave the isolation group at the same time.
l For ports that belong to an aggregation group and an isolation group simultaneously, removing a port from the aggregation group has no effect on the other ports. That is, the rest ports remain in the aggregation group and the isolation group.
l Ports that belong to an aggregation group and an isolation group simultaneously are still isolated even when you remove the aggregation group in system view.
l Adding a port of an isolation group to an aggregation group causes all the ports in the aggregation group being added to the isolation group.
1.3 Displaying and Maintaining Port Isolation Configuration
To do … |
Use the command … |
Remarks |
Display information about the Ethernet ports added to the isolation group |
display isolate port |
Available in any view |
1.4 Port Isolation Configuration Example
I. Network requirements
l PC2, PC3 and PC4 connect to the switch ports Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/0/4 respectively.
l The switch connects to the Internet through Ethernet1/0/1.
l It is desired that PC2, PC3 and PC4 are isolated from each other so that they cannot communicate with each other.
II. Network diagram
Figure 1-1 Network diagram for port isolation configuration
III. Configuration procedure
# Add Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/0/4 to the isolation group.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface ethernet1/0/2
[Sysname-Ethernet1/0/2] port isolate
[Sysname-Ethernet1/0/2] quit
[Sysname] interface ethernet1/0/3
[Sysname-Ethernet1/0/3] port isolate
[Sysname-Ethernet1/0/3] quit
[Sysname] interface ethernet1/0/4
[Sysname-Ethernet1/0/4] port isolate
[Sysname-Ethernet1/0/4] quit
[Sysname] quit
# Display information about the ports in the isolation group.
<Sysname> display isolate port
Isolated port(s) on UNIT 1:
Ethernet1/0/2, Ethernet1/0/3, Ethernet1/0/4